Crypto exchange Upbit recently claimed that it had identified and fixed a major codebase vulnerability found in its internal digital wallet system and platform while carrying out an urgent probe into the recent $30 million hack / theft that impacted the South Korean exchange this past week. However, it is still not actually quite clear if this particular vulnerability is linked to the damaging security and resulting hack.
As indicated in an official statement from the Korean firm, Chief Executive Officer Oh Kyung-seok explained that the crypto-assets exchange found a certain security vulnerability in their system that could “have allowed someone analyzing publicly visible Upbit wallet transactions on the blockchain to infer private keys,” referencing the cryptographic credentials that provide access to assets.
Although the typical blockchain data does not disclose any private keys, it now seems that Upbit’s digital wallet software had a certain issue / flaw that allegedly created weak and predictable signature data.’
Essentially, this means a potential bad actor analyzing the digital asset exchange’s previous onchain transfers may (possibly) mathematically reconstruct various crypto wallet private keys because of an implementation flaw at Upbit’s end.
The Korean crypto exchange has not actually linked or associated the said vulnerability to the recent hack directly at this time and also stated that the particular vulnerability was identified just after Upbit started a systemwide review process (which reportedly came after irregular / suspicious withdrawals from its Solana wallets on November 27, 2025).
The team said that they had now “identified and addressed the vulnerability during a comprehensive inspection of all related networks and wallet systems,”
The Upbit CEO also mentioned that the firm had moved forward with activating a type of emergency response system and also halted all incoming deposits and withdrawals until its infrastructure is confirmed as being sufficiently secure.
As per the latest update on this issue, Upbit stated that the damaging security breach led to losses of around 44.5 billion KRW (appr. $30 million). This figure now reportedly includes about 38.6 billion KRW (appr. $26 million) in customer assets. And also around 2.3 billion KRW (about $1.5 million) of pilfered assets that have now been frozen, the company claimed.
Upbit said it is currently in the process of carrying out a comprehensive security review across its digital infrastructure. The firm also stated that the recent hack serves as a cautionary reminder that no security system can “ever be considered perfect.” The team added that they will make additional upgrades in an effort to prevent other potential breaches in the foreseeable future.
The crypto-assets exchange also stated that it will share various other updates and will commence deposits as well as withdrawals after its current wallet systems go through more security audits / checks. Upbit has also confirmed that it would be covering all user losses by using its existing reserves.
As reported on November 26, 2026, Upbit had suspended withdrawals right after identifying suspicious SOL related transfers.
The exchange operator then transferred any remaining funds into more secure cold storage and started an extensive wallet system update.
Upbit still remains South Korea’s biggest crypto exchange in terms of overall trading volume, and currently does business under its parent enttity Dunamu, which is getting ready for a merger with Naver (a move that precedes a possible IPO).
Notably, South Korea’s law enforcement agencies have also initiated a probe on the matter.
As widely reported this past week, certain sources believe that North Korea’s infamous Lazarus Group could ultimately be responsible for this latest hack.
But nothing official on this matter has been issued at the time of writing.
Upbit further confirmed that it is now actively engaging with relevant law enforcement officials and web3 initiatives so it can freeze and potentially recover pilfered funds.